AntiXss library, How to implement.....


Problem description

Can you tell me, what is the AntiXss Library?

Does it work on .NET 3.5 Framework (VS2008)?

How is it implemented?

Is SQL injection avoided if we use it?

Plz reply......

Recommended answer


If you downloaded v4.2 you may see an error due to filename changes - this has been fixed. Please install v4.2.1.

This release addresses a vulnerability in the HTML Sanitizer, MS12-007 http://technet.microsoft.com/en-us/security/bulletin/ms12-007 and adds full support for .NET 4.0 as well as restoring support for .NET 2.0.

The sanitizer has been changed to remove all CSS it encounters; this new behaviour means that if you were keeping CSS formatting from HTML, that is no longer going to be the case.

In addition to the change necessary to correct the vulnerability there are a few new features:
Minimum Requirements.
You can now, once again, use the encoder libraries with .NET 2.0. The installer will create directories for each framework version supported, .NET 2.0, .NET 3.5 and .NET 4.0 which contain an optimized version of the encoders for that platform.
Invalid Unicode no longer throws an exception.
Invalid Unicode characters are now replaced with the Unicode replacement character, U+FFFD (�). Previously, when encoding strings through HtmlEncode, HtmlAttributeEncode, XmlEncode, XmlAttributeEncode or CssEncode invalid Unicode characters would be detected and an exception thrown.
UrlPathEncode added.
The encoding library now has UrlPathEncode which will encode a string for use as the path part of a URL.
.NET 4.0 encoder support.
There’s finally an official way to swap AntiXSS into the framework. If you are using .NET 4.0 ensure you are using the .NET 4.0 version of the encoding library and then edit your web.config and add the encoderType attribute to the httpRuntime element; i.e.
<httpRuntime encoderType="Microsoft.Security.Application.AntiXssEncoder, AntiXssLibrary" />
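Added example, not part of the original answer or the AntiXSS project's own code: the encoders named in the release notes applied to one untrusted value in three different output contexts. It assumes a project reference to AntiXssLibrary.dll v4.2.1; the class name, method name, URL layout and sample input are constructed for illustration.

```csharp
// Added example; requires a reference to AntiXssLibrary.dll (assumed: v4.2.1).
using System;
using Microsoft.Security.Application;

public static class AntiXssEncodingDemo
{
    // Constructed sample input: markup characters, a double quote, a space
    // and a lone high surrogate (\uD800), which is invalid Unicode.
    private const string Untrusted = "\"><script>alert(1)</script> a b\uD800";

    // Hypothetical helper: builds one link from a user-supplied name.
    // Each output context gets its own encoder; they are not interchangeable.
    public static string RenderProfileLink(string userName)
    {
        string path = Encoder.UrlPathEncode(userName);        // path part of a URL
        string title = Encoder.HtmlAttributeEncode(userName); // attribute value
        string text = Encoder.HtmlEncode(userName);           // element content

        return "<a href=\"/users/" + path + "\" title=\"" + title + "\">"
             + text + "</a>";
    }

    public static void Main()
    {
        // Print each encoding separately to compare how the same input is
        // treated per context. The release notes above state that invalid
        // Unicode is replaced with U+FFFD instead of raising an exception.
        Console.WriteLine("URL path : " + Encoder.UrlPathEncode(Untrusted));
        Console.WriteLine("Attribute: " + Encoder.HtmlAttributeEncode(Untrusted));
        Console.WriteLine("HTML body: " + Encoder.HtmlEncode(Untrusted));

        string html = RenderProfileLink(Untrusted);
        Console.WriteLine(html);

        // Simple check a reviewer can run: the raw tag must not survive
        // encoding in any of the three positions.
        bool rawTagSurvived =
            html.IndexOf("<script", StringComparison.OrdinalIgnoreCase) >= 0;
        Console.WriteLine("Raw <script> present in output: " + rawTagSurvived);
    }
}
```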

